[c-nsp] Radius Accounting

[pamela pomary]

Hello Folks,

I have a task to control students browsing in our computer labs in the
University by giving them specified times or credit they can browse in a
day. I have TekRADIUS as my Radius server and Cisco 2960 switch as a client.
I have set accounting attributes on the Radius server.
I have also configured accounting on the on a C2960 switch as follows. I
want to allow 2 hours of browsing for students who connect to a dot1x
enabled port on a C2960 switch and allow reauthentication after 2 hours
after which their session will time out because they have exhausted their
time for the day.
Accounting information for students have been defined on the Radius server.
The switch however will receive accounting information from the Radius
server. I haven't been able to cause reauthentication on the port on the
cisco switch from what I have configure so far.
 Any help will be very much appreciated.



aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius
aaa accounting update newinfo
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group radius
aaa accounting system default start-stop group radius

For testing purposes, I have set the time out tx-period and auth-period to
120 seconds on the ethernet ports

interface FastEthernet0/10
 switchport access vlan 6
 switchport mode access
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication port-control auto
 authentication timer reauthenticate server
 authentication violation protect
 dot1x pae both
 dot1x timeout tx-period 120
 dot1x timeout auth-period 120
 spanning-tree portfast